撤销用户授权事件
当用户 user_access_token 或 refresh_token 被撤销后,会触发此事件。
前提条件
你需要在应用中配置事件订阅,这样才可以在事件触发时接收到事件数据。了解事件订阅可参见事件订阅概述。
事件
| 项目 | 值 |
|---|---|
| 事件类型 | auth.user_access_token.revoked_v4 |
| 支持的应用类型 | custom,isv |
| 权限要求 订阅该事件所需的权限,开启其中任意一项权限即可订阅 | auth:user_access_token:read 获取 user_access_token 基本信息 |
| 字段权限要求 | > Tip: 该接口返回体中存在下列敏感字段,仅当开启对应的权限后才会返回;如果无需获取这些字段,则不建议申请 contact:user.employee_id:readonly 获取用户 user ID |
| 推送方式 | Webhook |
事件体
| 名称 | 类型 | 描述 |
|---|---|---|
schema | string | 事件模式 |
header | event_header | 事件头 |
└ event_id | string | 事件 ID |
└ event_type | string | 事件类型 |
└ create_time | string | 事件创建时间戳(单位:毫秒) |
└ token | string | 事件 Token |
└ app_id | string | 应用 ID |
└ tenant_key | string | 租户 Key |
event | revoke_token_event | - |
└ revoke_token_type | string | 撤销 token 的类型。可能值有: - user_access_token :仅撤销 user_access_token - refresh_token :仅撤销 refresh_token - user_access_token refresh_token: user_access_token 和 refresh_token 都被撤销数据校验规则: - 长度范围: 0 ~ 10000 字符 |
└ revoke_reason | string | 撤销 token 的原因。可能值有: - Revoked by unknown action.:未知动作,缺省值 - Revoked by user action.:被用户撤销 - Revoked by administrator action.:被管理员撤销 - Revoked by security and risk control action.:因风控和安全被撤销 - Revoked by restriction action.:因限制动作被撤销,包括用户账号冻结、离职、应用不可用、用户对应用无权限等数据校验规则: - 长度范围: 0 ~ 10000 字符 |
└ open_id | string | 用户 open_id |
└ union_id | string | 用户 union_id |
└ user_id | string | 租户内用户的唯一标识 字段权限要求: contact:user.employee_id:readonly 获取用户 user ID |
事件体示例
json
{
"schema": "2.0",
"header": {
"event_id": "5e3702a84e847582be8db7fb73283c02",
"event_type": "auth.user_access_token.revoked_v4",
"create_time": "1608725989000",
"token": "rvaYgkND1GOiu5MM0E1rncYC6PLtF7JV",
"app_id": "cli_9f5343c580712544",
"tenant_key": "2ca1d211f64f6438"
},
"event": {
"revoke_token_type": "user_access_token refresh_token",
"revoke_reason": "Revoked by security and risk control action.",
"open_id": "ou_c99c5f35d542efc7ee492afe11af19ef",
"union_id": "on_cad4860e7af114fb4ff6c5d496d1dd76",
"user_id": "gg895344"
}
}事件订阅示例代码
订阅方式
长连接方式(推荐):无需发布到公网地址,在本地开发环境中即可接收事件回调,且无需处理加解密逻辑。 发送至开发者服务器:需要提供服务器公网地址。
package main
import (
"context"
"fmt"
larkcore "github.com/larksuite/oapi-sdk-go/v3/core"
larkevent "github.com/larksuite/oapi-sdk-go/v3/event"
"github.com/larksuite/oapi-sdk-go/v3/event/dispatcher"
"github.com/larksuite/oapi-sdk-go/v3/service/auth/v4"
larkws "github.com/larksuite/oapi-sdk-go/v3/ws"
)
// SDK 使用说明 SDK user guide:https://open.feishu.cn/document/uAjLw4CM/ukTMukTMukTM/server-side-sdk/golang-sdk-guide/preparations
func main() {
// 注册事件 Register event
eventHandler := dispatcher.NewEventDispatcher("", "").
OnP2UserAccessTokenRevokedV4(func(ctx context.Context, event *larkauth.P2UserAccessTokenRevokedV4) error {
fmt.Printf("[ OnP2UserAccessTokenRevokedV4 access ], data: %s\n", larkcore.Prettify(event))
return nil
})
// 构建 client Build client
cli := larkws.NewClient("YOUR_APP_ID", "YOUR_APP_SECRET",
larkws.WithEventHandler(eventHandler),
larkws.WithLogLevel(larkcore.LogLevelDebug),
)
// 建立长连接 Establish persistent connection
err := cli.Start(context.Background())
if err != nil {
panic(err)
}
}# SDK 使用说明 SDK user guide:https://open.feishu.cn/document/uAjLw4CM/ukTMukTMukTM/server-side-sdk/python--sdk/preparations-before-development
import lark_oapi as lark
def do_p2_auth_user_access_token_revoked_v4(data: lark.auth.v4.P2AuthUserAccessTokenRevokedV4) -> None:
print(f'[ do_p2_auth_user_access_token_revoked_v4 access ], data: {lark.JSON.marshal(data, indent=4)}')
# 注册事件 Register event
event_handler = lark.EventDispatcherHandler.builder("", "") \
.register_p2_auth_user_access_token_revoked_v4(do_p2_auth_user_access_token_revoked_v4) \
.build()
def main():
# 构建 client Build client
cli = lark.ws.Client("APP_ID", "APP_SECRET",
event_handler=event_handler, log_level=lark.LogLevel.DEBUG)
# 建立长连接 Establish persistent connection
cli.start()
if __name__ == "__main__":
main()package com.example.sample;
import com.lark.oapi.core.utils.Jsons;
import com.lark.oapi.service.auth.AuthService;
import com.lark.oapi.service.auth.v4.model.P2UserAccessTokenRevokedV4;
import com.lark.oapi.event.EventDispatcher;
import com.lark.oapi.ws.Client;
// SDK 使用说明 SDK user guide:https://open.feishu.cn/document/uAjLw4CM/ukTMukTMukTM/server-side-sdk/java-sdk-guide/preparations
public class Sample {
// 注册事件 Register event
private static final EventDispatcher EVENT_HANDLER = EventDispatcher.newBuilder("", "")
.onP2UserAccessTokenRevokedV4(new AuthService.P2UserAccessTokenRevokedV4Handler() {
@Override
public void handle(P2UserAccessTokenRevokedV4 event) throws Exception {
System.out.printf("[ onP2UserAccessTokenRevokedV4 access ], data: %s\n", Jsons.DEFAULT.toJson(event.getEvent()));
}
})
.build();
public static void main(String[] args) {
// 构建 client Build client
Client client = new Client.Builder("APP_ID", "APP_SECRET")
.eventHandler(EVENT_HANDLER)
.build();
// 建立长连接 Establish persistent connection
client.start();
}
}// SDK 使用说明 SDK user guide:https://open.feishu.cn/document/uAjLw4CM/ukTMukTMukTM/server-side-sdk/nodejs-sdk/preparation-before-development
import * as Lark from '@larksuiteoapi/node-sdk';
const baseConfig = {
appId: 'APP_ID',
appSecret: 'APP_SECRET'
}
// 构建 client Build client
const wsClient = new Lark.WSClient(baseConfig);
// 建立长连接 Establish persistent connection
wsClient.start({
// 注册事件 Register event
eventDispatcher: new Lark.EventDispatcher({}).register({
'auth.user_access_token.revoked_v4': async (data) => {
console.log(data);
}
})
});package main
import (
"context"
"fmt"
"net/http"
larkcore "github.com/larksuite/oapi-sdk-go/v3/core"
"github.com/larksuite/oapi-sdk-go/v3/core/httpserverext"
larkevent "github.com/larksuite/oapi-sdk-go/v3/event"
"github.com/larksuite/oapi-sdk-go/v3/event/dispatcher"
"github.com/larksuite/oapi-sdk-go/v3/service/auth/v4"
)
// SDK 使用说明 SDK user guide:https://open.feishu.cn/document/uAjLw4CM/ukTMukTMukTM/server-side-sdk/golang-sdk-guide/preparations
func main() {
// 注册事件 Register event
eventHandler := dispatcher.NewEventDispatcher("", "").
OnP2UserAccessTokenRevokedV4(func(ctx context.Context, event *larkauth.P2UserAccessTokenRevokedV4) error {
fmt.Printf("[ OnP2UserAccessTokenRevokedV4 access ], data: %s\n", larkcore.Prettify(event))
return nil
})
// 创建路由处理器 Create route handler
http.HandleFunc("/webhook/event", httpserverext.NewEventHandlerFunc(handler, larkevent.WithLogLevel(larkcore.LogLevelDebug)))
err := http.ListenAndServe(":7777", nil)
if err != nil {
panic(err)
}
}# SDK 使用说明 SDK user guide:https://open.feishu.cn/document/uAjLw4CM/ukTMukTMukTM/server-side-sdk/python--sdk/preparations-before-development
from flask import Flask
from lark_oapi.adapter.flask import *
import lark_oapi as lark
app = Flask(__name__)
def do_p2_auth_user_access_token_revoked_v4(data: lark.auth.v4.P2AuthUserAccessTokenRevokedV4) -> None:
print(f'[ do_p2_auth_user_access_token_revoked_v4 access ], data: {lark.JSON.marshal(data, indent=4)}')
# 注册事件 Register event
event_handler = lark.EventDispatcherHandler.builder("", "") \
.register_p2_auth_user_access_token_revoked_v4(do_p2_auth_user_access_token_revoked_v4) \
.build()
# 创建路由处理器 Create route handler
@app.route("/webhook/event", methods=["POST"])
def event():
resp = event_handler.do(parse_req())
return parse_resp(resp)
if __name__ == "__main__":
app.run(port=7777)package com.lark.oapi.sample.event;
import com.lark.oapi.core.utils.Jsons;
import com.lark.oapi.service.auth.AuthService;
import com.lark.oapi.service.auth.v4.model.P2UserAccessTokenRevokedV4;
import com.lark.oapi.sdk.servlet.ext.ServletAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
// SDK 使用说明 SDK user guide:https://open.feishu.cn/document/uAjLw4CM/ukTMukTMukTM/server-side-sdk/java-sdk-guide/preparations
@RestController
public class EventController {
// 注册事件 Register event
private static final EventDispatcher EVENT_HANDLER = EventDispatcher.newBuilder("verificationToken", "encryptKey")
.onP2UserAccessTokenRevokedV4(new AuthService.P2UserAccessTokenRevokedV4Handler() {
@Override
public void handle(P2UserAccessTokenRevokedV4 event) throws Exception {
System.out.printf("[ onP2UserAccessTokenRevokedV4 access ], data: %s\n", Jsons.DEFAULT.toJson(event.getEvent()));
}
})
.build();
// 注入 ServletAdapter 实例 Inject ServletAdapter instance
@Autowired
private ServletAdapter servletAdapter;
// 创建路由处理器 Create route handler
@RequestMapping("/webhook/event")
public void event(HttpServletRequest request, HttpServletResponse response)
throws Throwable {
// 回调扩展包提供的事件回调处理器 Callback handler provided by the extension package
servletAdapter.handleEvent(request, response, EVENT_DISPATCHER);
}
}// SDK 使用说明 SDK user guide:https://open.feishu.cn/document/uAjLw4CM/ukTMukTMukTM/server-side-sdk/nodejs-sdk/preparation-before-development
import http from 'http';
import * as lark from '@larksuiteoapi/node-sdk';
// 注册事件 Register event
const eventDispatcher = new lark.EventDispatcher({
encryptKey: '',
verificationToken: '',
}).register({
'auth.user_access_token.revoked_v4': async (data) => {
console.log(data);
return 'success';
},
});
const server = http.createServer();
// 创建路由处理器 Create route handler
server.on('request', lark.adaptDefault('/webhook/event', eventDispatcher));
server.listen(3000);